SourceCodester Phone Shop Sales Managements System 1.0 CAPTCHA index.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. Using CWE to declare the problem leads to CWE-79. The weakness was presented 03/08/2023. The advisory is available at github.com. This vulnerability was named CVE-2023-1275. The attack can be initiated remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project. It is declared as proof-of-concept. It is possible to download the exploit at github.com. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

147

Field

vulnerability_cvss3_meta_tempscore2
vulnerability_cvss3_meta_basescore2
vulnerability_cvss3_cna_basescore1
vulnerability_cvss3_nvd_basescore1
vulnerability_cvss2_nvd_basescore1

Commit Conf

90%35
70%25
50%11

Approve Conf

90%35
70%25
80%11
IDCommitedUserFieldChangeRemarksAcceptedStatusC
1389916304/01/2023VulD...cvss3_cna_basescore3.5see CVSS documentation04/01/2023accepted
90
1389916204/01/2023VulD...cvss3_nvd_basescore6.1nist.gov04/01/2023accepted
90
1389916104/01/2023VulD...cvss2_nvd_basescore4.0nist.gov04/01/2023accepted
90
1389916004/01/2023VulD...cvss3_meta_tempscore4.3see CVSS documentation04/01/2023accepted
90
1389915904/01/2023VulD...cvss3_meta_basescore4.4see CVSS documentation04/01/2023accepted
90
1389915804/01/2023VulD...cve_cnaVulDBnvd.nist.gov04/01/2023accepted
70
1389915704/01/2023VulD...cvss3_cna_aNnvd.nist.gov04/01/2023accepted
70
1389915604/01/2023VulD...cvss3_cna_iLnvd.nist.gov04/01/2023accepted
70
1389915504/01/2023VulD...cvss3_cna_cNnvd.nist.gov04/01/2023accepted
70
1389915404/01/2023VulD...cvss3_cna_sUnvd.nist.gov04/01/2023accepted
70
1389915304/01/2023VulD...cvss3_cna_uiRnvd.nist.gov04/01/2023accepted
70
1389915204/01/2023VulD...cvss3_cna_prLnvd.nist.gov04/01/2023accepted
70
1389915104/01/2023VulD...cvss3_cna_acLnvd.nist.gov04/01/2023accepted
70
1389915004/01/2023VulD...cvss3_cna_avNnvd.nist.gov04/01/2023accepted
70
1389914904/01/2023VulD...cvss2_nvd_aiNnvd.nist.gov04/01/2023accepted
70
1389914804/01/2023VulD...cvss2_nvd_iiPnvd.nist.gov04/01/2023accepted
70
1389914704/01/2023VulD...cvss2_nvd_ciNnvd.nist.gov04/01/2023accepted
70
1389914604/01/2023VulD...cvss2_nvd_auSnvd.nist.gov04/01/2023accepted
70
1389914504/01/2023VulD...cvss2_nvd_acLnvd.nist.gov04/01/2023accepted
70
1389914404/01/2023VulD...cvss2_nvd_avNnvd.nist.gov04/01/2023accepted
70

51 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 51 results.

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!